03.13.02 —
What this control requires
Source: NIST SP 800-171 R3 §03.13.02 (official control text).
Why this matters
Mobile devices—laptops, tablets, smartphones—routinely leave the physical security perimeter and connect to untrusted networks. Without centralized control, these endpoints become unmanaged attack surfaces where malware can persist, sensitive data can leak through misconfigured settings, and compromised devices can bypass network defenses when they reconnect. This control requires organizations to establish technical oversight of mobile devices accessing CUI, ensuring they meet baseline security standards before connecting to organizational systems. It protects against device-borne threats, enforces encryption and patching requirements, and enables remote wipe capabilities when devices are lost or stolen.
What evidence assessors expect
Assessors typically look for: screenshot, CSV export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on 03.13.02.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →